GDPR & Email Marketing: What do you need to know?

It’s now just a couple of weeks before the GDPR legislations come into force and whilst we’ve spent lots of time here on the blog focusing on how you can get your SMS data into shape, there’s likely other areas of your marketing that you need review before 25th May. We caught up with our friends over at Jarrang to find out a little more on how GDPR will affect email marketing. Stafford Sumner, Founder and email marketing guru, gives us his insight into what you need to know if you’re managing email data.

At Jarrang, we’ve been at the forefront of the email marketing industry for 15 years and have seen many notable stages of evolution. First and foremost, it’s important not to be scared by the changes to the legislation. In fact, as marketers, it’s something we should welcome as it brings more clarity as to what we can and can’t do with data

You’ll have a more engaged database (which means increased conversion rates), you’ll spend less on the volume of emails you send and this is the perfect opportunity to ensure your database is fresh.

So what are the changes and what do they mean for you?

As the Data Controller, you’re responsible for ensuring that the data being stored and processed by the email marketing software or company you use (the Data Processor) is compliant with the current data regulations, which means, among other considerations, you have the right permissions to send them email marketing communications.

Your Data Processor, will ensure that your data is stored and processed in a compliant manner, however they are not responsible for choosing which data is processed, the legal basis under which that data is processed, or the content that is sent to the data subject.

Typically speaking, there are two key legal bases under which you can lawfully process data for email marketing purposes: Legitimate Interest and Consent.

The majority of you will send email marketing communications to your customers (people who have ‘transacted’ with you in the past, and in the course of that transaction, have supplied their email address). This data has been collected legitimately under the current laws and you can prove the transaction e.g. date of sale.

Most people are using Legitimate Interest as the legal basis under which they will continue to send email marketing communications to their customers in the future. Apart from cleansing their current customer database by removing unnecessary data fields and unengaged contacts, they can usually carry on using this data with very little further action.

Many people have asked us about sending ‘Re-Consent’ emails to ask their database to Consent to receiving future email communications. This is typically only necessary where the source of the data cannot be proved i.e. it is not clear if the data subject has been a ‘Customer’, or if they haven’t engaged for a very long time.

It should be said here that different data sets within a database can be processed in different ways so the majority of data could continue to be used under Legitimate Interest, but other data sets may need to use Consent. Only the data needing Consent, will need to be sent a ‘Re-Consent’ email.

We do suggest people think very carefully about sending ‘re-consent’ emails to a customer database because once this has been sent, one cannot simply decide to go back to processing data under Legitimate Interest, particularly if the response is very low.

On a purely pragmatic level, if a business already has Consent, or can use another legal basis, such as Legitimate Interest, to send email communications to its clients, why would they want, or need, to ask for this again?

Businesses sending re-consent emails have decided that they do not want, or cannot use, Legitimate Interest as the legal basis. They also accept that there will be a very low click-through rate on their re-consent emails and may see their database size fall by as much as 90%.

On a Commercial level, there should be a serious conversation about the impact such a reduction may have the on the revenues from the email channel. If Legitimate Interest can be used for customers, it could be favourable to do so.

So once you have confirmed your legal position what are the practical things that can be done next to cleanse the email marketing database that Jarrang holds for you? We have put together some thoughts:

1. Delete any unnecessary data fields from your database.

Only store the fields on your email marketing platform that are necessary for you to process the email marketing communications.

For example, you may wish to keep the email address (obviously!), post code and date of last purchase, but do you need to keep first last names, postal addresses, or date of birth? If there was a data breach, you need to demonstrate that you have minimised the amount of data that can be leaked and the damage that leak might cause.

2. Delete unengaged data

Decide how long you want to keep a contact on your database after their last engagement with you (an engagement might be an “open’ of your email).

Typically speaking, most of our clients are keeping their data for two years after the last engagement and deleting anyone who hasn’t engaged within the same time frame. This will not only help you to be compliant but it could potentially save some budget on email volume. Database sizes will be lower, but the levels of engagement, as a percentage, will be higher.

3. Demonstrate a regular sending pattern to your contacts

Decide how frequently you should communicate with your database and ensure that you stick to a regular sending pattern.

For example, ensuring that each of your customers receives an email once a month will help you to keep your database fresh, especially if you are removing unengaged contacts on a rolling monthly basis too.

Really useful stuff! Stafford and the team at Jarrang have worked with specialist solicitors to create this guide for a more in-depth looks at email marketing and GDPR, you can download: A Practical Guide to Email Marketing & GDPR free here – https://jarrang.com/GDPR/